fix: implement remarks

aristosvo · aristosvo · commit 45e41a721567 · 2025-05-06T21:18:48.000+03:00
diff --git a/docs/rules/README.md b/docs/rules/README.md
@@ -80,6 +80,15 @@ These rules enforce best practices and naming conventions:
 |[aws_security_group_rule_deprecated](aws_security_group_rule_deprecated.md)|Disallow using `aws_security_group_rule` resource||
 |[aws_provider_missing_default_tags](aws_provider_missing_default_tags.md)|Require specific tags for all AWS providers default tags||
 
+### Removing secrets from state
+
+These rules recommend best practices to keep sensitive information from state:
+
+|Rule|Description|Enabled by default|
+| --- | --- | --- |
+|[aws_ephemeral_resources](aws_ephemeral_resources.md)|Recommends using available ephemeral resources instead of the original data source. This is only valid for Terraform v1.10+.||
+|[aws_write_only_arguments](aws_write_only_arguments.md)|Recommends using available write-only arguments instead of the original sensitive attribute. This is only valid for Terraform v1.11+.||
+
 ### SDK-based Validations
 
 700+ rules based on the aws-sdk validations are also available:
diff --git a/rules/ephemeral/aws_ephemeral_resources.go b/rules/ephemeral/aws_ephemeral_resources.go
@@ -51,15 +51,12 @@ func (r *AwsEphemeralResourcesRule) Check(runner tflint.Runner) error {
 		}
 
 		for _, resource := range resources.Blocks {
-			if err := runner.EmitIssueWithFix(
+			if err := runner.EmitIssue(
 				r,
 				fmt.Sprintf("\"%s\" is a non-ephemeral data source, which means that all (sensitive) attributes are stored in state. Please use ephemeral resource \"%s\" instead.", resourceType, resourceType),
 				resource.TypeRange,
-				func(f tflint.Fixer) error {
-					return f.ReplaceText(resource.TypeRange, "ephemeral")
-				},
 			); err != nil {
-				return fmt.Errorf("failed to call EmitIssueWithFix(): %w", err)
+				return fmt.Errorf("failed to call EmitIssue(): %w", err)
 			}
 		}
 	}
diff --git a/rules/ephemeral/aws_ephemeral_resources_test.go b/rules/ephemeral/aws_ephemeral_resources_test.go
@@ -31,10 +31,6 @@ data "aws_eks_cluster_auth" "test" {
 					},
 				},
 			},
-			Fixed: `
-ephemeral "aws_eks_cluster_auth" "test" {
-}
-`,
 		},
 	}
 
@@ -48,11 +44,5 @@ ephemeral "aws_eks_cluster_auth" "test" {
 			t.Fatalf("Unexpected error occurred: %s", err)
 		}
 		helper.AssertIssues(t, tc.Expected, runner.Issues)
-
-		want := map[string]string{}
-		if tc.Fixed != "" {
-			want[filename] = tc.Fixed
-		}
-		helper.AssertChanges(t, want, runner.Changes())
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -51,15 +51,12 @@ func (r *AwsEphemeralResourcesRule) Check(runner tflint.Runner) error {`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`for _, resource := range resources.Blocks {`
`54`		`- if err := runner.EmitIssueWithFix(`
	`54`	`+ if err := runner.EmitIssue(`
`55`	`55`	`r,`
`56`	`56`	`fmt.Sprintf("\"%s\" is a non-ephemeral data source, which means that all (sensitive) attributes are stored in state. Please use ephemeral resource \"%s\" instead.", resourceType, resourceType),`
`57`	`57`	`resource.TypeRange,`
`58`		`- func(f tflint.Fixer) error {`
`59`		`- return f.ReplaceText(resource.TypeRange, "ephemeral")`
`60`		`- },`
`61`	`58`	`); err != nil {`
`62`		`- return fmt.Errorf("failed to call EmitIssueWithFix(): %w", err)`
	`59`	`+ return fmt.Errorf("failed to call EmitIssue(): %w", err)`
`63`	`60`	`}`
`64`	`61`	`}`
`65`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,10 +31,6 @@ data "aws_eks_cluster_auth" "test" {`
`31`	`31`	`},`
`32`	`32`	`},`
`33`	`33`	`},`
`34`		- Fixed: `
`35`		`-ephemeral "aws_eks_cluster_auth" "test" {`
`36`		`-}`
`37`		-`,
`38`	`34`	`},`
`39`	`35`	`}`
`40`	`36`
`@@ -48,11 +44,5 @@ ephemeral "aws_eks_cluster_auth" "test" {`
`48`	`44`	`t.Fatalf("Unexpected error occurred: %s", err)`
`49`	`45`	`}`
`50`	`46`	`helper.AssertIssues(t, tc.Expected, runner.Issues)`
`51`		`-`
`52`		`- want := map[string]string{}`
`53`		`- if tc.Fixed != "" {`
`54`		`- want[filename] = tc.Fixed`
`55`		`- }`
`56`		`- helper.AssertChanges(t, want, runner.Changes())`
`57`	`47`	`}`
`58`	`48`	`}`